Skip to content

fix: bump @fastify/static to 9.1.3#8210

Open
AviVahl wants to merge 1 commit intonetlify:mainfrom
AviVahl:fastify-static-security-vulnerability
Open

fix: bump @fastify/static to 9.1.3#8210
AviVahl wants to merge 1 commit intonetlify:mainfrom
AviVahl:fastify-static-security-vulnerability

Conversation

@AviVahl
Copy link
Copy Markdown
Contributor

@AviVahl AviVahl commented Apr 26, 2026

Summary

  • upgrade @fastify/static to latest release to fix vulnerability
  • changed semver request to use a caret
  • also bumped local locked postcss version to newer non-vulnerable release

@AviVahl
fix: bump @fastify/static to 9.1.3
c31da26 
- upgrade to latest release to fix vulnerability
- changed semver request to use a caret
- also bumped local locked postcss version to newer non-vulnerable release.
@AviVahl AviVahl requested a review from a team as a code owner April 26, 2026 10:56
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 26, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 25e7e36e-1327-4b27-b03c-389f8932ec3d

📥 Commits

Reviewing files that changed from the base of the PR and between 0415e87 and c31da26.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated dependency to enable automatic installation of compatible patch and minor updates, ensuring access to the latest improvements and fixes.

Walkthrough

The pull request updates the @fastify/static dependency in package.json from an exact pinned version 9.0.0 to a caret semver range ^9.1.3. This change allows compatible minor and patch releases within the 9.x version range to be installed, while maintaining the major version constraint. No code logic or exported entities are affected.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change - bumping @fastify/static to version 9.1.3, which matches the primary file modification in package.json.
Description check ✅ Passed The description is directly related to the changeset, explaining the upgrade of @fastify/static for security reasons and the semver change to caret notation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AviVahl